NIST Small Business Cybersecurity Act Passes In House

Oct 25, 2017 / Author Jeffrey Haut

Small businesses will soon receive much-needed help with cybersecurity. The National Institute of Standards and Technology (NIST), which previously developed the 2014 NIST Cybersecurity Framework and 2016 publication “Small Business Information Security: the Fundamentals,” has been intricately involved in building our nation’s cyber-resiliency.

Earlier this month, the 2017 NIST Small Business Cybersecurity Act passed in the House of Representatives. The NIST Act’s companion bill in the Senate, the MAIN STREET Cybersecurity Act of 2017, passed late last month.

The House bill directs NIST to develop and disseminate “clear and concise resources for small business concerns to help reduce their cybersecurity risks.” These resources include elements that will help “promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist small business concerns in mitigating cybersecurity risks.”

In other words, small businesses will have the opportunity to begin implementing cybersecurity best practices by obtaining free, voluntary guides developed by industry experts. These guides can help businesses mitigate the ever-growing risks of cyber threats with simple “cyber hygiene” tips and basic enterprise risk management strategies.

After the Senate bill and House bill to go through the reconciliation process, small businesses can expect to see new resources from NIST within a year after the President signs the bill into law.

Mr. Haut focuses on litigation relating to commercial litigation, cybersecurity, and privacy law matters. In his final year of law school, Mr. Haut served on the Sherman Minton Moot Court Executive Board, where he helped draft the Moot Court competition problem — exploring issues relating to government searches of electronic devices, cybercrime, and sentencing reform.